CN111294270A - Method, device, equipment and system for accessing data center - Google Patents

Method, device, equipment and system for accessing data center Download PDF

Info

Publication number
CN111294270A
CN111294270A CN201811496878.3A CN201811496878A CN111294270A CN 111294270 A CN111294270 A CN 111294270A CN 201811496878 A CN201811496878 A CN 201811496878A CN 111294270 A CN111294270 A CN 111294270A
Authority
CN
China
Prior art keywords
message
vlan identifier
identifier
mapping relationship
vlan
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811496878.3A
Other languages
Chinese (zh)
Other versions
CN111294270B (en
Inventor
倪宁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN201811496878.3A priority Critical patent/CN111294270B/en
Publication of CN111294270A publication Critical patent/CN111294270A/en
Application granted granted Critical
Publication of CN111294270B publication Critical patent/CN111294270B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4604LAN interconnection over a backbone network, e.g. Internet, Frame Relay
    • H04L12/4608LAN interconnection over ATM networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/54Store-and-forward switching systems 
    • H04L12/56Packet switching systems
    • H04L12/5601Transfer mode dependent, e.g. ATM
    • H04L2012/5614User Network Interface
    • H04L2012/5617Virtual LANs; Emulation of LANs

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the application provides a method, a device and a system for accessing a data center, wherein the method comprises the following steps: the method comprises the steps that a data center gateway DCGW obtains a first message sent by provider edge equipment PE, wherein the first message comprises a virtual path identifier VPI, a virtual channel identifier VCI and an IP data message; determining a first Virtual Local Area Network (VLAN) identifier corresponding to a virtual local area network (VPI) and a second VLAN identifier corresponding to a virtual local area network (VCI) based on a preset mapping relation; and packaging the IP data message based on the first VLAN identifier and the second VLAN identifier, generating a second message, and sending the second message to the network equipment of the data center. The technical scheme provided by the embodiment of the application can improve the safety of the ATM network accessing the data center and reduce the accessing cost.

Description

Method, device, equipment and system for accessing data center
Technical Field
The present application relates to the field of communications technologies, and in particular, to a method, an apparatus, a device, and a system for accessing a data center.
Background
Asynchronous Transfer Mode (ATM) is a connection-oriented transport Mode. An ATM network is a transmission network based on ATM technology, and is generally applied to fields requiring high security, such as finance and military. In the ATM network, users can realize the point-to-point Ethernet private line (Ethernet-line) service of the ATM network in the operator network through the ATM interface on the router.
However, with the development of data centers based on Ethernet Virtual Private Network (EVPN) and Virtual extended local area Network (VXLAN) technologies, a great deal of traditional services tend to cloud data centers. More and more ATM network users have the appeal of accessing the data center, so that the problem of how to reduce the cost and improve the safety while accessing the data center is needed to be solved.
Disclosure of Invention
The application provides a method, a device, equipment and a system for accessing a data center, which are used for reducing the cost of accessing the data center while improving the security of the data center accessed by an ATM network.
A first aspect provides a method for accessing a Data center, in which a Data center gateway (Data center gateway, DCGW for short) obtains a first message sent by a Provider Edge (PE for short), where the first message includes a Virtual Path Identifier (VPI for short), a Virtual Channel Identifier (VCI for short), and an Internet Protocol (IP) Data message, determines, based on a preset mapping relationship, a first Virtual Local Area Network (VLAN) Identifier corresponding to the VPI and a second VLAN Identifier corresponding to the VCI, encapsulates the IP Data message based on the first VLAN Identifier and the second VLAN Identifier to generate a second message, and sends the second message to a network device of the Data center.
According to the first aspect of the embodiment of the application, the user, especially the ATM network user, can be accessed to the data center without looking up the routing table, so that the risk of leakage of the user IP data from the routing table is reduced, and the safety of the user accessing to the data center is improved. The method provided by the embodiment of the application can be realized on the basis of the existing network structure, the structure of the access network is not required to be improved, the requirements on PE (provider edge) equipment and DCGW (data center gateway) of an operator are reduced, and the cost is saved.
In one possible design, the mapping referred to in the first aspect includes a mapping between a VPI and a first VLAN identifier, and a mapping between a VCI and a second VLAN identifier. In the design, the mapping relationship between the VPI and the first VLAN identifier and the mapping relationship between the VCI and the second VLAN identifier are directly set in the mapping relationship, so that the DCGW can quickly acquire the first VLAN identifier and the second VLAN identifier, thereby improving the efficiency of accessing the data center.
In yet another possible design, the mapping relation related to the first aspect includes a first sub-mapping relation and a second sub-mapping relation, where the first sub-mapping relation includes a mapping relation between the index identifier and the VPI and the VCI, and the second sub-mapping relation includes a mapping relation between the index identifier and the first VLAN identifier and the second VLAN identifier.
The DCGW determines a first Virtual Local Area Network (VLAN) identifier corresponding to the VPI and a second VLAN identifier corresponding to the VCI based on a preset mapping relation, and the DCGW comprises the following steps: the DCGW determines index identifications corresponding to the VPI and the VCI based on the first sub-mapping relation; and determining a first VLAN identifier and a second VLAN identifier corresponding to the index identification based on the second sub-mapping relation. By setting the first sub-mapping relation and the second sub-mapping relation in the mapping relation, the process of determining the index identifier and the process of determining the first VLAN identifier and the second VLAN identifier can be carried out in different modules, the processing pressure of a single module is reduced, and the processing efficiency is improved.
In another possible design, the DCGW obtaining a first message sent by an operator edge device PE includes: the DCGW receives a Pseudo Wire (PW) message sent by provider edge equipment PE, and acquires a first message from the PW message.
In another possible design, the first aspect of the embodiment of the present application may further include: packaging the second message based on a Bridge Domain (BD) bound by a preset virtual Ethernet interface and a virtual network identifier to generate a VXLAN data message; and sending the VXLAN data message to the network equipment of the data center.
A second aspect provides an access device for accessing an ATM network to a data center, the access device comprising an acquisition module, a processing module, and a sending module.
The obtaining module is used for obtaining a first message sent by provider edge equipment PE, wherein the first message comprises a virtual path identifier VPI, a virtual channel identifier VCI and an IP data message.
The processing module is used for determining a first VLAN identifier corresponding to the VPI and a second VLAN identifier corresponding to the VCI based on a preset mapping relation, packaging the IP data message based on the first VLAN identifier and the second VLAN identifier and generating a second message.
The sending module is used for sending the second message to the network equipment of the data center.
In one possible design, the mapping includes a mapping between a VPI and a first VLAN identifier, and a mapping between a VCI and a second VLAN identifier.
In one possible design, the mapping relationship includes a first sub-mapping relationship and a second sub-mapping relationship, where the first sub-mapping relationship includes a mapping relationship between the index identifier and the VPI and the VCI, and the second sub-mapping relationship includes a mapping relationship between the index identifier and the first VLAN identifier and the second VLAN identifier, and the processing module includes:
and the first processing submodule is used for determining the index identifications corresponding to the VPI and the VCI based on the first sub-mapping relation.
And the second processing submodule is used for determining the first VLAN identifier and the second VLAN identifier corresponding to the index identification based on the second sub-mapping relation.
In one possible design, the obtaining module is specifically configured to: receiving a PW message sent by provider edge equipment PE, and acquiring a first message from the PW message.
In a possible design, the apparatus may further include an encapsulation module, where the encapsulation module is configured to encapsulate the second packet based on a bridge domain BD and a virtual network identifier bound to a preset virtual ethernet interface, and generate a virtual extensible local area network VXLAN data packet.
And the sending module is used for sending the VXLAN data message to the network equipment of the data center.
A third aspect provides a data center gateway, where the data network manager includes: a memory and a processor, wherein the memory and the processor are connected; the memory has stored therein instructions that, when executed by the processor, perform the first aspect and any one of the possible devised methods.
A fourth aspect is to provide a computer-readable storage medium having a computer program stored thereon, which, when run on a computer, causes the computer to perform the first aspect and any one of the possible design methods described above.
A fifth aspect is a computer program product comprising a computer program which, when run on a computer, causes the computer to perform the method of the first aspect and any one of the possible designs.
It should be understood that the second to fifth aspects are consistent with the technical solution of the first aspect of the present application, and similar advantageous effects are obtained in each aspect and corresponding possible implementation manner, and thus are not described again.
Drawings
The drawings that are required to be used in this application, either in the examples or in the background, are described below.
Fig. 1 is a schematic view of a scenario of ATM network user access to a data center provided in the prior art;
fig. 2 is a schematic view of a scenario of another ATM network user accessing a data center provided by the prior art;
fig. 3 is a flowchart of a method for accessing a data center according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of a DCGW provided in the embodiment of the present application;
fig. 5 is a flowchart of a method for accessing a data center according to an embodiment of the present application;
fig. 6 is a schematic structural diagram of a DCGW provided in the embodiment of the present application;
fig. 7 is a schematic structural diagram of an access device according to an embodiment of the present application;
fig. 8 is a schematic structural diagram of another access device provided in the embodiment of the present application;
fig. 9 is a schematic structural diagram of a data center gateway according to an embodiment of the present application.
Detailed Description
Fig. 1 is a schematic view of a scenario in which an ATM network user accesses a data center provided in the prior art, in the scenario shown in fig. 1, Virtual Private Networks (VPNs) are respectively established on an operator edge device PE, a DCGW, and a Top of Rack switch (Top of Rack, TOR for short), so as to form a three-layer VPN scheme, and the operator edge device PE implements heterogeneous ATM and ethernet interfaces through local heterogeneous. The ATM network user 1, the ATM network user 2 and the ATM network user 3 are accessed to a VPN constructed by an operator edge device PE through an ATM interface on the operator edge device PE, the operator edge device PE sends data of the ATM network user 1, the ATM network user 2 or the ATM network user 3 to the VPN constructed by a DCGW through an Ethernet interface, and the DCGW receives the data and forwards the data to the TOR through inquiring a routing table (the routing table comprises IP information of the ATM network user 1, the ATM network user 2 and the ATM network user 3) so that the TOR forwards the data to a corresponding server 1, the server 2 or the server 3 for processing. However, since the IP information of the ATM network user is exposed in the routing table of the DCGW and is easily leaked, the security of this access method is low.
Fig. 2 is a schematic view of another scenario in which an ATM network user accesses a data center provided in the prior art, in the scenario shown in fig. 2, an operator edge PE has a 1483b function, and the operator edge PE implements local ATM and ethernet interface isomerism through local isomerism, where 1483b means that a RFC1483bridge mode is used to encapsulate a data packet of a network layer at a data link layer, and an ethernet bridging function is simulated, and after the operator edge PE configures the 1483b function, the operator edge PE can implement bridging from an ethernet packet to an ATM cell. In this scenario, ATM network user 1, ATM network user 2, ATM network user 3 access the provider edge PE through an ATM interface on the provider edge PE, data of ATM network user 1, ATM network user 2 or ATM network user 3 is output by an ethernet interface on the provider edge PE and externally looped back to the provider edge PE, then the Virtual Private Wire Service (VPWS) interface on the provider edge PE is used to send it to the Ethernet VPWS, via the ethernet VPWS to the DCGW which, similarly, after receiving the data of ATM network user 1, ATM network user 2 or ATM network user 3, the data is externally looped back to the VPWS interface of the DCGW via the ethernet interface on the DCGW, sent by the VPWS interface to the TOR, so that the TOR forwards the data to the corresponding server 1, server 2 or server 3 for processing. However, in this scenario, the provider edge PE must have 1483b function, and the provider edge PE and the DCGW need external physical loopback, so the system architecture of the entire access network is complex, the cost is high, and operation and service expansion are not easy.
In view of the foregoing problems in the prior art, an embodiment of the present application provides a scheme for accessing a data center, where a mapping relationship is set in a DCGW, where the mapping relationship includes a correspondence relationship between a VPI and a first VLAN identifier, and a correspondence relationship between a VCI and a second VLAN identifier, where the first VLAN identifier may be an identifier of a service provider VLAN, and the second VLAN identifier may be an identifier of a user VLAN, and when the DCGW receives a first packet sent by an operator edge device PE, where the first packet may be an ATM packet, the VPI and the VCI carried in the ATM packet are mapped into corresponding first VLAN identifier and second VLAN identifier according to the mapping relationship, so that IP data in the first packet is forwarded to a network device of the data center according to the first VLAN identifier and the second VLAN identifier. The method can access the user, especially the ATM network user, to the data center without searching the routing table, thereby reducing the risk of the user IP data leaking from the routing table and improving the safety of the user accessing to the data center. The scheme can be realized on the basis of the existing network structure, the structure of an access network is not required to be improved, the cost is saved, the Provider Edge (PE) is not required to have a 1483b function and an external loopback design, the complexity of the network is reduced, and the maintenance is convenient.
The following describes the technical solution of the embodiment of the present application in detail.
Fig. 3 is a flowchart of a method for accessing a data center according to an embodiment of the present application, where as shown in fig. 3, the method includes:
step 101, the DCGW obtains a first message sent by an operator edge device PE, where the first message includes a virtual path identifier VPI, a virtual channel identifier VCI, and an IP data message, where the first message may be an ATM message, and the operator edge device PE may be an operator edge device in an ATM network.
Step 102, the DCGW determines a first VLAN identifier corresponding to the VPI and a second VLAN identifier corresponding to the VCI based on a preset mapping relationship.
The first VLAN identifier may be understood as an identifier of a service provider VLAN, and the second VLAN identifier may be understood as an identifier of a user VLAN, and the first VLAN identifier and the second VLAN identifier are named in the present embodiment only to distinguish the identifier of the service provider VLAN from the identifier of the user VLAN, but do not have other meanings.
Step 103, the DCGW encapsulates the IP data packet based on the first VLAN identifier and the second VLAN identifier, generates a second packet, where the second packet may be an ethernet data packet, and sends the second packet to the network device of the data center.
For example, fig. 4 is a schematic structural diagram of a DCGW provided in this embodiment of the present application, and as shown in fig. 4, in this scenario, the DCGW40 includes an ethernet board 41, a multi-service processing board 42, a switching network 43, and an ethernet board 44. The ethernet board 41 and the ethernet board 44 may be understood as an ethernet port module, which can provide an ethernet port function; the multiservice processing board 42 can be understood as a processing module which can be used for data processing. The ethernet board 41 and the ethernet board 44 exchange data with the multi-service processing board 42 through the switching network 43.
Taking the first message as an ATM message as an example, in a feasible implementation manner, the provider edge PE may send a PW message carrying the ATM message to an interface connected to the ethernet board 41 through a PW, and the ethernet board 41 extracts the ATM message from the PW message and sends the ATM message to the service processing board 42 through the switching network 43 for processing, that is, in the implementation manner, the process of acquiring the ATM message by the DCGW may exemplarily be expressed as that the DCGW receives the PW message sent by the provider edge PE on the ATM network side, and acquires the ATM message from the PW message. Of course, the above implementation is only an exemplary illustration for helping understanding, and is not a sole limitation to the embodiments of the present application, and in fact, in an actual scenario, the provider edge PE may send the ATM message on the ATM network side to the DCGW40 in any feasible manner, and is not limited to the manner of the PW message.
Further, after receiving the ATM message, the multi-service processing board 42 extracts the IP data message from the ATM message, and maps the VPI carried in the ATM message to a corresponding first VLAN identifier and the VCI to a corresponding second VLAN identifier according to a pre-stored mapping relationship. Taking the mapping relationship shown in table one as an example:
watch 1
ATM(VPI) ATM(VCI) Ether (service provider VLAN) Ethernet (user VLAN)
40 41 100 200
80 81 101 201
In the first table, the first VLAN identifier is exemplarily represented as an identifier of a provider VLAN, the second VLAN identifier is exemplarily represented as an identifier of a user VLAN, when a VPI carried in an ATM message is 40 and a VCI carried in the ATM message is 41, the multi-service processing board 42 obtains, according to the mapping relationship shown in the first table, that the first VLAN identifier corresponding to the VPI is 100 and the second VLAN identifier corresponding to the VCI is 200, or when a VPI carried in an ATM message is 80 and a VCI carried in the ATM message is 81, obtains that the first VLAN identifier corresponding to the VPI is 101 and the second VLAN identifier corresponding to the VCI is 201. Of course, the mapping shown in table one is merely illustrative and not the only limitation of the mapping referred to in this application.
Further, after obtaining a first VLAN identifier corresponding to the VPI and a second VLAN identifier corresponding to the VCI, the multi-service processing board 42 firstly encapsulates the extracted IP data packet according to the first VLAN identifier and the second VLAN identifier to generate a second packet, encapsulates the second packet based on the bridge domain BD and the virtual network identifier bound to the preset virtual ethernet interface to generate a VXLAN data packet, and sends the VXLAN data packet to the ethernet board 44 through the switching network 43, so that the ethernet board 44 sends the VXLAN data packet to the network device of the data center.
The foregoing is, of course, merely illustrative and not the only limitation on the present application. In fact, the first packet may not be limited to the ATM packet, and the mapping relationship may also be set as needed, as long as the first VLAN identifier corresponding to the VPI and the second VLAN identifier corresponding to the VCI can be obtained according to the mapping relationship. In addition, the structure of the DCGW may also be adjusted as needed, and is not limited to the structure provided in the above example, as long as the structure can satisfy the forwarding requirement based on the mapping relationship.
In this embodiment, the DCGW determines, by acquiring a first message sent by an edge device PE of an operator, the first message including a virtual path identifier VPI, a virtual channel identifier VCI, and an IP data message, based on a preset mapping relationship, a first VLAN identifier corresponding to the VPI and a second VLAN identifier corresponding to the VCI, encapsulates the IP data message based on the first VLAN identifier and the second VLAN identifier to generate a second message, and sends the second message to a network device of a data center. The access scheme provided by the embodiment can access the user, especially the ATM network user, to the data center without searching the routing table, thereby reducing the risk of leakage of the user IP data from the routing table and improving the security of the user access to the data center. The technical scheme provided by this embodiment can be implemented on the basis of the existing network structure, and the structure of the access network does not need to be improved, especially the operator edge device PE is not required to have 1483b function, and no external loopback needs to be set on the operator edge device PE and the DCGW, so that the requirement on the operator edge device PE is reduced, the network structure is simplified, and the cost is saved.
Further optimization and extension of the above embodiment are provided below.
Fig. 5 is a flowchart of a method for accessing a data center according to an embodiment of the present application, where a mapping relationship preset in an access scheme provided in fig. 5 includes a first sub-mapping relationship and a second sub-mapping relationship, the first sub-mapping relationship includes a mapping relationship between an index identifier and VPI and VCI, and the second sub-mapping relationship includes a mapping relationship between an index identifier and a first VLAN identifier and a second VLAN identifier. On this basis, the technical scheme provided by fig. 5 includes:
step 201, the DCGW obtains a first message sent by the provider edge PE, where the first message includes a virtual path identifier VPI, a virtual channel identifier VCI, and an IP data message.
Step 202, the DCGW determines index identifiers corresponding to the VPI and the VCI based on the first sub-mapping relationship.
Step 203, the DCGW determines the first VLAN identifier and the second VLAN identifier corresponding to the index identifier based on the second sub-mapping relationship.
Step 204, the DCGW encapsulates the IP data packet based on the first VLAN identifier and the second VLAN identifier, generates a second packet, and sends the second packet to the network device of the data center.
The following description is made in conjunction with specific scenarios for ease of understanding.
For example, fig. 6 is a schematic structural diagram of a DCGW provided in this embodiment of the present application, and as shown in fig. 6, a DCGW60 includes an ethernet board 61, a multi-service processing board 62, a switching network 63, and an ethernet board 64, and this embodiment optimizes the multi-service processing board 62 on the basis of the DCGW40 shown in fig. 4. The multi-service processing board 62 includes: a traffic control module (TM) 621, a TM622, a forwarding Central Processing Unit (CPU) 623, a forwarding CPU624 and a control CPU625, where the forwarding CPU623 includes a virtual ATM interface 6231 and the forwarding CPU624 includes a virtual ethernet interface 6241.
One end of the TM621 is connected to the switching network 63, and the other end is connected to the virtual ATM interface 6231 on the forwarding CPU623, where the TM621 is configured to send data of the switching network 63 to the forwarding CPU 623; one end of the TM622 is connected to the switching network 63, and the other end is connected to the virtual ethernet interface 6241 on the forwarding CPU624, and is configured to forward the output data of the forwarding CPU624 to the switching network 63, and the control CPU625 is connected to the forwarding CPU623 and the forwarding CPU624, respectively, and in a feasible design, the control CPU625 is configured to issue the first sub-mapping relationship and the second sub-mapping relationship to the forwarding CPU623 and the forwarding CPU624, that is, in this design, the forwarding CPU623 and the forwarding CPU624 both store the first sub-mapping relationship and the second sub-mapping relationship. In another feasible design, the control CPU625 may be configured to issue the first sub-mapping relationship to the forwarding CPU623 and issue the second sub-mapping relationship to the forwarding CPU624, that is, in this design, mapping relationships stored in the forwarding CPU623 and the forwarding CPU624 are different, and by issuing the first sub-mapping relationship to the forwarding CPU623 and issuing the second sub-mapping relationship to the forwarding CPU624, the storage space of a single forwarding CPU can be saved, and the storage burden of a single forwarding CPU can be reduced.
Taking the first message as an ATM message as an example, the ethernet board 61 receives an ATM message sent by the provider edge PE, and after obtaining the ATM message, forwards the ATM message to the TM621 through the switching network 63, the TM621 forwards the ATM message to the virtual ATM interface 6231 on the forwarding CPU623, the forwarding CPU623 obtains the ATM message from the virtual ATM interface 6231, extracts an IP data message from the ATM message, determines the index identifiers corresponding to the VPI and VCI carried in the ATM message according to the mapping relationship issued by the control CPU625, and sends the index identifiers and the extracted IP data message to the forwarding CPU624, the forwarding CPU624 determines the first VLAN identifier and the second VLAN identifier corresponding to the index identifier according to the mapping relationship issued by the control CPU625, encapsulates the IP data message based on the first VLAN identifier and the second VLAN identifier, and sends the encapsulated second message to the virtual ethernet interface 6241, the virtual ethernet interface 6241 encapsulates the second packet based on the bound bridge domain BD and the virtual network identifier to generate a VXLAN data packet, and sends the VXLAN data packet to the ethernet board 64 through the TM622 and the switching network 63, so that the ethernet board 64 sends the VXLAN data packet to the data center side.
For example, assume table two is a mapping relationship that the control CPU625 issues to the forwarding CPU623 and the forwarding CPU 624:
watch two
Index identification ATM(VPI) ATM(VCI) Ether (service provider VLAN) Ethernet (user VLAN)
1001 40 41 100 200
1002 80 81 101 201
In the second table, the first VLAN identifier is specifically an identifier of a provider VLAN, the second VLAN identifier is specifically an identifier of a user VLAN, when the VPI and the VCI carried in the ATM message received by the forwarding CPU623 are 40 and 41, it is determined that the index identifiers corresponding to the VPI and the VCI are 1001, at this time, the index identifiers 1001 and the IP packet message are sent to the forwarding CPU624, and the forwarding CPU624 determines that the corresponding first VLAN identifier is 100 and the corresponding second VLAN identifier is 200 according to the mapping relationship between the index identifiers 1001 and the second table.
Or, when the VPI and the VCI carried in the ATM message received by the forwarding CPU623 are 80 and 81, determining that the index identifier corresponding to the VPI and the VCI is 1002, at this time, sending the index identifier 1002 and the IP data message to the forwarding CPU624, and the forwarding CPU624 determines that the corresponding first VLAN identifier is 101 and the corresponding second VLAN identifier is 201 according to the mapping relationship between the index identifier 1002 and the table two.
Or, when the mapping relationship (i.e., the first sub-mapping relationship) issued by the control CPU625 to the forwarding CPU623 is table three and the mapping relationship (i.e., the second sub-mapping relationship) issued to the forwarding CPU624 is table four:
watch III
Mapping relation index ATM(VPI) ATM(VCI)
1000 50 51
Watch four
Index identification Ether (service provider VLAN) Ethernet (user VLAN)
1000 300 400
After forwarding the ATM message received by the CPU623, mapping the VPI — 50 and the VCI — 41 carried in the ATM message to the index identifier 1000 according to the mapping relationship in table three, and sending the index identifier 1000 and the IP data message to the forwarding CPU624, where the forwarding CPU624 maps the index identifier 1000 to the first VLAN identifier — 300 and the second VLAN identifier — 400 according to table four.
Of course, the above description is only given by taking the case that the multi-service processing board includes two forwarding CPUs as an example, but the number of forwarding CPUs in the multi-service processing board in other scenarios may not be limited to two, for example, may be one, three, or any other arbitrarily set number, or in some scenarios, the function of a forwarding CPU may also be added to the control CPU, for example, in fig. 6, the function of a forwarding CPU623 and/or a CPU624 may be added to the control CPU625, so as to achieve the purposes of reducing the number of CPUs and reducing the cost.
Similarly, the specific form and the specific content of the mapping relationship in other scenarios may not be limited to any one or more of tables one to four. In fact, the expression form of the mapping relationship can be set as required.
In addition, the structure of DCGW60 may also be adjusted as needed, and is not limited to the structure provided in the above example, as long as the structure can satisfy the forwarding requirement based on the mapping relationship.
In this embodiment, a first sub-mapping relationship and a second sub-mapping relationship are set in a preset mapping relationship, so that the first sub-mapping relationship includes a mapping relationship between an index identifier and VPI and VCI, and the second sub-mapping relationship includes a mapping relationship between an index identifier and a first VLAN identifier and a second VLAN identifier, when the first VLAN identifier and the second VLAN identifier are determined, the index identifiers corresponding to the VPI and the VCI are determined according to the first sub-mapping relationship, and then the first VLAN identifier and the second VLAN identifier corresponding to the index identifiers are determined according to the second sub-mapping relationship, so that the determining process of the index identifiers and the determining processes of the first VLAN identifier and the second VLAN identifier can be performed in different modules, the processing pressure of a single module is reduced, and the processing efficiency is improved.
Fig. 7 is a schematic structural diagram of an access device according to an embodiment of the present application, where the access device 70 is used for accessing an ATM network to a data center, and the access device 70 includes:
the obtaining module 71 is configured to obtain a first message sent by an edge device PE of an operator, where the first message includes a virtual path identifier VPI, a virtual channel identifier VCI, and an IP data message, and the first message may be an ATM message.
The processing module 72 is configured to determine, based on a preset mapping relationship, a first VLAN identifier corresponding to the VPI and a second VLAN identifier corresponding to the VCI; and encapsulating the IP data message based on the first VLAN identifier and the second VLAN identifier to generate a second message, wherein the second message can be the Ethernet data message, the first VLAN identifier can be an identifier of a service provider VLAN, and the second VLAN identifier can be an identifier of a user VLAN.
The mapping relationship referred to in this embodiment may be understood as the mapping relationship in the embodiment of fig. 3 or fig. 4 by way of example.
The sending module 73 is configured to send the second message to a network device of the data center.
In one possible design, the mapping includes a mapping between a VPI and a first VLAN identifier, and a mapping between a VCI and a second VLAN identifier.
In one possible design, the obtaining module 71 is specifically configured to: receiving a PW message sent by provider edge equipment PE, and acquiring a first message from the PW message.
In a possible design, the apparatus 70 may further include an encapsulation module, where the encapsulation module is configured to encapsulate the second packet based on the bridge domain BD and the virtual network identifier bound to the preset virtual ethernet interface, so as to generate a virtual extensible local area network VXLAN data packet. The sending module 73 is configured to send the VXLAN data packet to a network device of a data center.
The access device 70 provided in this embodiment can be used to execute the method technical solution in the embodiment of fig. 3, and the execution manner and the beneficial effects are similar, and are not described again here.
Fig. 8 is a schematic structural diagram of another access apparatus provided in an embodiment of the present application, and as shown in fig. 8, the processing module 72 includes a first processing sub-module 721 and a second processing sub-module 722, where the first processing sub-module 721 is configured to determine, based on the first sub-mapping relationship, index identifiers corresponding to the VPI and the VCI, and the second processing sub-module 722 is configured to determine, based on the second sub-mapping relationship, a first VLAN identifier and a second VLAN identifier corresponding to the index identifiers.
On the basis of the embodiment of fig. 7, the preset mapping relationship includes a first sub-mapping relationship and a second sub-mapping relationship, where the first sub-mapping relationship includes a mapping relationship between an index identifier and VPI and VCI, and the second sub-mapping relationship includes a mapping relationship between an index identifier and a first VLAN identifier and a second VLAN identifier, and for convenience of understanding, the first sub-mapping relationship and the second sub-mapping relationship may be exemplarily understood as the mapping relationships in the embodiments of fig. 5 or fig. 6 in this embodiment.
The apparatus provided in this embodiment can be used to execute the method technical solution in the embodiment of fig. 5, and the execution manner and the beneficial effects are similar, which are not described herein again.
It should be understood that the division of the modules of the access device shown in fig. 7-8 is only a logical division, and the actual implementation may be wholly or partially integrated into one physical entity or may be physically separated. And these modules can be realized in the form of software called by processing element; or may be implemented entirely in hardware; and part of the modules can be realized in the form of calling by the processing element in software, and part of the modules can be realized in the form of hardware. For example, the processing module may be a processing element that is set up separately, or may be implemented by being integrated in a chip of the access device, such as DCGW, or may be stored in a memory of the access device in the form of a program, and the processing element of the access device calls and executes the functions of the above modules. Other modules are implemented similarly. In addition, all or part of the modules can be integrated together or can be independently realized. The processing element described herein may be an integrated circuit having signal processing capabilities. In implementation, each step of the above method or each module above may be implemented by an integrated logic circuit of hardware in a processor element or an instruction in the form of software.
For example, the above modules may be one or more integrated circuits configured to implement the above methods, such as: one or more Application Specific Integrated Circuits (ASICs), or one or more microprocessors (DSPs), or one or more Field Programmable Gate Arrays (FPGAs), among others. For another example, when some of the above modules are implemented in the form of a processing element scheduler, the processing element may be a general-purpose processor, such as a Central Processing Unit (CPU) or other processor capable of calling programs. As another example, these modules may be integrated together, implemented in the form of a system-on-a-chip (SOC).
Fig. 9 is a schematic structural diagram of a data center gateway according to an embodiment of the present application, where the data center gateway 1200 includes a processor 1210, a memory 1230, an interface 1240, and a bus 1250. Wherein, the interface 1240, the processor 1210 and the memory 1230 are connected through a bus 1250, the interface 1240 is used for receiving ATM messages sent by the provider edge PE on the ATM network side and sending ethernet data messages output by the DCGW to the data center side, the memory 1230 is used for storing instructions, and the processor 1210 is used for executing the instructions stored in the memory 1230. The memory 1230 of the data center gateway stores program code and the processor 1210 can invoke the program code stored in the memory 1230 to perform the various methods of accessing a data center described in fig. 5 and 3 herein. To avoid repetition, it is not described in detail here.
In the present embodiment, the processor 1210 may be a Central Processing Unit (CPU), and the processor 1210 may also be other general-purpose processors, Digital Signal Processors (DSP), Application Specific Integrated Circuits (ASIC), Field Programmable Gate Arrays (FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, and so on. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory 1230 may include a Read Only Memory (ROM) device or a Random Access Memory (RAM) device. Any other suitable type of memory device can also be used as memory 1230. Memory 1230 may include code and data that are accessed by processor 1210 using bus 1250. Memory 1230 may further include an operating system and application programs, including at least one program that allows processor 1210 to perform the methods of accessing a data center described herein.
The bus 1250 may include a power bus, a control bus, a status signal bus, and the like, in addition to a data bus. But for clarity of illustration the various busses are labeled in the figures as bus 1250.
An embodiment of the present application further provides a computer-readable storage medium, where a computer program is stored in the computer-readable storage medium, and when the computer program runs on a computer, the computer is enabled to execute the method according to any one of the embodiments shown in fig. 3 and fig. 5, and the execution and beneficial effects are similar to those of the above-mentioned embodiment, and are not described herein again.
Furthermore, the present application also provides a computer program product, which includes a computer program, when it runs on a computer, the computer is caused to execute the method of any one of the embodiments shown in fig. 3 and fig. 5.
Those of skill in the art will appreciate that the functions described in connection with the various illustrative logical blocks, modules, and algorithm steps described in the disclosure herein may be implemented as hardware, software, firmware, or any combination thereof. If implemented in software, the functions described in the various illustrative logical blocks, modules, and steps may be stored on or transmitted over as one or more instructions or code on a computer-readable medium and executed by a hardware-based processing unit. The computer-readable medium may include a computer-readable storage medium, which corresponds to a tangible medium, such as a data storage medium, or any communication medium including a medium that facilitates transfer of a computer program from one place to another (e.g., according to a communication protocol). In this manner, a computer-readable medium may generally correspond to (1) a non-transitory tangible computer-readable storage medium, or (2) a communication medium, such as a signal or carrier wave. A data storage medium may be any available medium that can be accessed by one or more computers or one or more processors to retrieve instructions, code and/or data structures for implementing the techniques described herein. The computer program product may include a computer-readable medium.
By way of example, and not limitation, such computer-readable storage media can comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, flash memory, or any other medium that can be used to store desired program code in the form of instructions or data structures and that can be accessed by a computer. Also, any connection is properly termed a computer-readable medium. For example, if the instructions are transmitted from a website, server, or other remote source using a coaxial cable, fiber optic cable, twisted pair, Digital Subscriber Line (DSL), or wireless technologies such as infrared, radio, and microwave, then the coaxial cable, fiber optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio, and microwave are included in the definition of medium. It should be understood, however, that the computer-readable storage media and data storage media do not include connections, carrier waves, signals, or other transitory media, but are instead directed to non-transitory tangible storage media. Disk and disc, as used herein, includes Compact Disc (CD), laser disc, optical disc, Digital Versatile Disc (DVD), and blu-ray disc where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above should also be included within the scope of computer-readable media.
The instructions may be executed by one or more processors, such as one or more Digital Signal Processors (DSPs), general purpose microprocessors, Application Specific Integrated Circuits (ASICs), field programmable logic arrays (FPGAs), or other equivalent integrated or discrete logic circuitry. Thus, the term "processor," as used herein may refer to any of the foregoing structure or any other structure suitable for implementation of the techniques described herein. Additionally, in some aspects, the functions described by the various illustrative logical blocks, modules, and steps described herein may be provided within dedicated hardware and/or software modules configured for encoding and decoding, or incorporated in a combined codec. Also, the techniques may be fully implemented in one or more circuits or logic elements.
The techniques of this application may be implemented in a wide variety of devices or apparatuses, including a DCGW, an Integrated Circuit (IC), or a set of ICs (e.g., a chipset). Various components, modules, or units are described in this application to emphasize functional aspects of means for performing the disclosed techniques, but do not necessarily require realization by different hardware units. Indeed, as described above, the various units may be combined in a codec hardware unit, in conjunction with suitable software and/or firmware, or provided by an interoperating hardware unit (including one or more processors as described above).
The above description is only an exemplary embodiment of the present application, but the scope of the present application is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present application are intended to be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (12)

1. A method of accessing a data center, comprising:
the method comprises the steps that a data center gateway DCGW obtains a first message sent by an operator edge PE, wherein the first message comprises a virtual path identifier VPI, a virtual channel identifier VCI and an internet protocol IP data message;
the DCGW determines a first Virtual Local Area Network (VLAN) identifier corresponding to the VPI and a second VLAN identifier corresponding to the VCI based on a preset mapping relation;
and the DCGW packages the IP data message based on the first VLAN identifier and the second VLAN identifier, generates a second message and sends the second message.
2. The method of claim 1, wherein the mapping comprises a mapping between the VPI and the first VLAN identifier and a mapping between the VCI and the second VLAN identifier.
3. The method of claim 1, wherein the mapping relationship comprises a first sub-mapping relationship and a second sub-mapping relationship, wherein the first sub-mapping relationship comprises an index identification and a mapping relationship between the VPI and the VCI, and wherein the second sub-mapping relationship comprises a mapping relationship between the index identification and the first VLAN identifier and the second VLAN identifier;
the DCGW determines, based on a preset mapping relationship, a first virtual local area network VLAN identifier corresponding to the VPI and a second VLAN identifier corresponding to the VCI, including:
the DCGW determines index identifications corresponding to the VPI and the VCI based on the first sub-mapping relation;
and determining a first VLAN identifier and a second VLAN identifier corresponding to the index identification based on the second sub-mapping relation.
4. The method according to any of claims 1-3, wherein the obtaining, by the data center gateway DCGW, the first packet sent by the operator edge device PE comprises:
and the data center gateway DCGW receives a pseudo wire PW message sent by the provider edge PE and acquires the first message from the PW message.
5. The method according to any one of claims 1-3, further comprising:
the DCGW packages the second message based on a bridge domain BD and a virtual network identifier bound by a preset virtual Ethernet interface to generate a virtual extensible local area network VXLAN data message;
and the DCGW sends the VXLAN data message to network equipment of a data center.
6. An access device, the device comprising:
the system comprises an acquisition module, a processing module and a processing module, wherein the acquisition module is used for acquiring a first message sent by provider edge equipment (PE), and the first message comprises a Virtual Path Identifier (VPI), a Virtual Channel Identifier (VCI) and an IP data message;
the processing module is used for determining a first Virtual Local Area Network (VLAN) identifier corresponding to the VPI and a second VLAN identifier corresponding to the VCI based on a preset mapping relation, and packaging the IP data message based on the first VLAN identifier and the second VLAN identifier to generate a second message;
and the sending module is used for sending the second message.
7. The apparatus of claim 6, wherein the mapping comprises a mapping between the VPI and the first VLAN identifier and a mapping between the VCI and the second VLAN identifier.
8. The apparatus of claim 6, wherein the mapping relationship comprises a first sub-mapping relationship and a second sub-mapping relationship, wherein the first sub-mapping relationship comprises an index identification and a mapping relationship between the VPI and the VCI, and wherein the second sub-mapping relationship comprises a mapping relationship between the index identification and the first VLAN identifier and the second VLAN identifier;
the processing module comprises:
the first processing submodule is used for determining index identifications corresponding to the VPI and the VCI based on the first sub-mapping relation;
and the second processing submodule is used for determining a first VLAN identifier and a second VLAN identifier corresponding to the index identification based on the second sub-mapping relation.
9. The apparatus according to any one of claims 6 to 8, wherein the obtaining module is specifically configured to:
receiving a Pseudo Wire (PW) message sent by provider edge equipment (PE), and acquiring the first message from the PW message.
10. The apparatus according to any one of claims 6-8, further comprising:
the encapsulation module is used for encapsulating the second message based on a bridge domain BD and a virtual network identifier bound by a preset virtual Ethernet interface to generate a virtual extensible local area network VXLAN data message;
and the sending module is used for sending the VXLAN data message to network equipment of a data center.
11. A data center gateway, comprising:
the memory is connected with the processor;
the memory has stored therein instructions that, when executed by the processor, perform the method of any of claims 1-5.
12. A computer-readable storage medium, in which a computer program is stored which, when run on a computer, causes the computer to carry out the method according to any one of claims 1 to 5.
CN201811496878.3A 2018-12-07 2018-12-07 Method, device, equipment and system for accessing data center Active CN111294270B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811496878.3A CN111294270B (en) 2018-12-07 2018-12-07 Method, device, equipment and system for accessing data center

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811496878.3A CN111294270B (en) 2018-12-07 2018-12-07 Method, device, equipment and system for accessing data center

Publications (2)

Publication Number Publication Date
CN111294270A true CN111294270A (en) 2020-06-16
CN111294270B CN111294270B (en) 2021-12-03

Family

ID=71029175

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811496878.3A Active CN111294270B (en) 2018-12-07 2018-12-07 Method, device, equipment and system for accessing data center

Country Status (1)

Country Link
CN (1) CN111294270B (en)

Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1383294A (en) * 2001-04-26 2002-12-04 友讯科技股份有限公司 Method for providing multi-user service by VLAN
US20040090970A1 (en) * 2002-11-11 2004-05-13 Sanchez Cheryl A. Distribution of data flows to local loop subscribers by an access multiplexer
US20040165600A1 (en) * 2003-02-21 2004-08-26 Alcatel Customer site bridged emulated LAN services via provider provisioned connections
US6947739B2 (en) * 2000-12-28 2005-09-20 Hitachi Kokusai Electric Inc. Subscriber wireless access system
US20060126644A1 (en) * 2000-06-02 2006-06-15 Shinichi Akahane VPN router and VPN identification method by using logical channel identifiers
CN1863127A (en) * 2005-05-12 2006-11-15 中兴通讯股份有限公司 Method for core network access to multi-protocol sign exchange virtual special network
CN101013994A (en) * 2006-01-03 2007-08-08 阿尔卡特朗讯公司 Providing services over hybrid networks
CN101335708A (en) * 2008-08-06 2008-12-31 杭州华三通信技术有限公司 Packet forwarding method and operator edge converging equipment
CN101617305A (en) * 2007-01-17 2009-12-30 北方电讯网络有限公司 Use is based on the border gateway protocol procedures tunnel, that be used for MPLS and layer 2 VPN of Ethernet
CN102106122A (en) * 2005-04-28 2011-06-22 思科技术公司 System and method for DSL subcriber identification over Ethernet network
US20120140672A1 (en) * 2001-07-02 2012-06-07 Buckman Charles R System and method for processing network packet flows
US20120294154A1 (en) * 2011-05-19 2012-11-22 Calix, Inc. Ethernet oam to atm oam interworking for loopback capability
CN103188170A (en) * 2011-12-31 2013-07-03 北京大唐高鸿软件技术有限公司 VPI/VCI conversion method and device of automatic teller machine (ATM) multiple service access exchange board
CN103269300A (en) * 2013-05-21 2013-08-28 杭州华三通信技术有限公司 Method and equipment for achieving heterogeneous network interconnection
CN110581792A (en) * 2019-09-20 2019-12-17 杭州迪普信息技术有限公司 Message transmission method and device

Patent Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060126644A1 (en) * 2000-06-02 2006-06-15 Shinichi Akahane VPN router and VPN identification method by using logical channel identifiers
US6947739B2 (en) * 2000-12-28 2005-09-20 Hitachi Kokusai Electric Inc. Subscriber wireless access system
CN1383294A (en) * 2001-04-26 2002-12-04 友讯科技股份有限公司 Method for providing multi-user service by VLAN
US20120140672A1 (en) * 2001-07-02 2012-06-07 Buckman Charles R System and method for processing network packet flows
US20040090970A1 (en) * 2002-11-11 2004-05-13 Sanchez Cheryl A. Distribution of data flows to local loop subscribers by an access multiplexer
US20040165600A1 (en) * 2003-02-21 2004-08-26 Alcatel Customer site bridged emulated LAN services via provider provisioned connections
CN102106122A (en) * 2005-04-28 2011-06-22 思科技术公司 System and method for DSL subcriber identification over Ethernet network
CN1863127A (en) * 2005-05-12 2006-11-15 中兴通讯股份有限公司 Method for core network access to multi-protocol sign exchange virtual special network
CN101013994A (en) * 2006-01-03 2007-08-08 阿尔卡特朗讯公司 Providing services over hybrid networks
CN101617305A (en) * 2007-01-17 2009-12-30 北方电讯网络有限公司 Use is based on the border gateway protocol procedures tunnel, that be used for MPLS and layer 2 VPN of Ethernet
CN101335708A (en) * 2008-08-06 2008-12-31 杭州华三通信技术有限公司 Packet forwarding method and operator edge converging equipment
US20120294154A1 (en) * 2011-05-19 2012-11-22 Calix, Inc. Ethernet oam to atm oam interworking for loopback capability
CN103188170A (en) * 2011-12-31 2013-07-03 北京大唐高鸿软件技术有限公司 VPI/VCI conversion method and device of automatic teller machine (ATM) multiple service access exchange board
CN103269300A (en) * 2013-05-21 2013-08-28 杭州华三通信技术有限公司 Method and equipment for achieving heterogeneous network interconnection
CN110581792A (en) * 2019-09-20 2019-12-17 杭州迪普信息技术有限公司 Message transmission method and device

Also Published As

Publication number Publication date
CN111294270B (en) 2021-12-03

Similar Documents

Publication Publication Date Title
CN108293022B (en) Method, device and system for transmitting message
CN110999265B (en) Managing network connectivity between cloud computing service endpoints and virtual machines
WO2019042186A1 (en) Network management method and related device
US9621685B2 (en) Architecture for an access network system management protocol control under heterogeneous network management environment
WO2017162089A1 (en) Service configuration method and device for network service
CN104753789B (en) A kind of method and system to E-Packet
US20230370375A1 (en) Data processing method and system, encapsulation node, and de-encapsulation node
CN101242370B (en) Method for realizing Ethernet and frame-relay Internet and protocol conversion device
CN115314353B (en) Device and method for realizing single-pod multi-network card based on kubernetes
US20230318971A1 (en) Packet Transmission Method, Device, and System
CN113726637A (en) Network traffic transparent transmission method and device based on cloud platform and storage medium
EP3691210A1 (en) Flexible ethernet message forwarding method and apparatus
CN111294270B (en) Method, device, equipment and system for accessing data center
CN114760165A (en) Message transmission method, device and system
US20210112607A1 (en) Communication system and communication method
WO2019134637A1 (en) Method, device, and system for multi-type network virtualization overlay interconnection
CN116828024A (en) Service connection identification method, device, system and storage medium
WO2019056239A1 (en) Packet synchronization method and device
CN105704023B (en) Message forwarding method and device of stacking system and stacking equipment
CN115242699A (en) Message transmission method, slice generation method, device and system
CN114531320A (en) Communication method, device, equipment, system and computer readable storage medium
CN114513485A (en) Method, device, equipment and system for obtaining mapping rule and readable storage medium
CN115277640B (en) Data processing method, device, intelligent network card and storage medium
US20240022513A1 (en) Communication Method and Apparatus
CN115086251B (en) Stacked data processing method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant